You are not logged in.
Pages: 1
Topic closed
Hey guys!
I've read in a german linux magazin, that 1024-bit keys for ssh are not longer secure.
They recommend for privat people 1280bit, for bussines 1536bit and for governments 2048bit.
The default auf the "ssh-keygen" is 1024 and the sshd start/stop/restart scripts uses the "ssh-keygen"-default.
So if you don't make you're own key, you'll get 1024bit key... i know, this is not "really" insecure, but it might be interesting for users who need ssh!
Regards,
Moritz
Offline
http://www.networkcomputing.com/buzzcut/020412bc.html
They're not insecure yet, per se. But in due time they will be. Something for sysadmins to note.
Offline
When it comes to any security it is honestly all a numbers game. For example, the only reason we should be using passwords of upper, lower, numerical, and symbol characters, with a length greater than 20, is that an offline brute force these days that is distributed over a large (+10,000 nodes) botnet is easily capable of testing roughly 10^20 passwords per second (This is my personal estimate; It is not really a fact and is easily open for debate). So really the longer any authenticating token is, the better. However it goes without saying that it still needs to be usable as a consequence (A 1Tb (Terabit) key is likely a very dumb choice... For now).
Offline
Hello pilotkeller, welcome to the forums. I'd like to ask you for a favor. Can you see the datestamps on the other posts? It says 2003-01-27 for both of them. Now, please read Forum Etiquette: Necro-Bumping. Thank you.
Closing.
aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies
Offline
Pages: 1
Topic closed